TRANSCRIPT
Page 1
IBM Global Services
Virtual Reality: How Secure Is Your Virtualised Network
Joshua Corman
Principal Security Strategist
IBM Internet Security Systems. Ahead of the threat.™
10/2/2008
© 2007 IBM Corporation
Page 2
Agenda
Introduction to Virtualization
Security and Risk Implications
Operational and Organizational Implications
Common Mistakes
What Can I Do?
– Current technologies and solutions
– The future of virtualization and enterprise security
Page 3
Foreword: Unprecedented Cost and Complexity
New methods and motives: adding to the complexity and sheer number of risks
IT innovation: requiring new ways to secure the new ways we collaborate
Compliance spending: investing in more point products to solve more point problems
The global economy: fluctuations in economic climates
Flexibility in business methods: to improve operations and serve customers
Page 4
Introduction to Virtualization
Page 5
Basics: Disruptive Innovation
Virtualization is a Disruptive Innovation
Virtualization: the logical abstraction of physical computing resources (OS, application, switches, storage, networks) designed to create computing environments that are not restricted by physical configuration or implementation.
Page 6
Basics: Virtualization Architecture
Before Virtualization: Applications / Operating System / Hardware, one operating system per physical machine.
After Virtualization: several Operating Systems, each with its own Applications, run side by side on a VMM or Hypervisor, which sits on the Hardware.
Page 7
Basics: Virtualization Types
Type-2 VMM: Guest 1 and Guest 2 run on a VMM that itself runs on a Host OS on the Hardware.
– Examples: KVM (Linux), VMware Workstation, VMware Server, Microsoft Virtual PC
Type-1 VMM: Guest 1 and Guest 2 run on a VMM that runs directly on the Hardware.
– Examples: Xen, VMware ESX, IBM pHype / LPARs, Microsoft Hyper-V
Page 8
What does Virtualization Change?
Everything – Dynamic, fluid data-center
– Resource pools
– Commoditization of everything
– Increased efficiency
Nothing – Virtual IT is still IT
• Security, sprawl, management, complexity, heterogeneity
Page 9
Major Players
Citrix: acquired XenSource in 2007 for $500 million; based on the open-source Xen hypervisor
VMware: founded in 1998; division of EMC
Microsoft: Virtual Server; acquired Virtual PC in 2003 from Connectix; Hyper-V (fka Viridian) to be released in 2008
IBM: pioneered virtualization over 40 years ago; LPAR, sHype, Phantom
Based on the open-source Xen hypervisor (vendor logo not extracted)
Page 10
Security and Risk Implications
Page 11
Virtualization and Enterprise Security
Virtualization != Security
– Standard servers are as secure as standard VMs
– Partitioning divides VMs, but does not secure them
Same principles apply
– Defense in depth
– Network design and segmentation
– Unified security management
Page 12
Threat Landscape
New Swath of Availability Attacks
– Owning a single guest
– Breaking out of the guest
– Compromise of Virtual Console/Management
• Provision my own evil guest(s)
• Adjust resource quotas
• Shut OFF guest(s)
– Compromise of the VMM/Hypervisor
• IsGameOver()
Page 13
Threat Landscape (cont.)
Other Threats…
– Regulatory
– Auditors
– Org-Charts...
• Separation of Duties
• Politics
Page 14
Points of Exposure
Existing threats: Operating System, Applications
New threats: Virtual Machine, VMM or Hypervisor, Management, Hardware
More Components = More Exposure
Page 15
Operating Systems and Applications
Traditional threats remain:
– Malware: Viruses, Worms, Trojans, Rootkits
– DoS/DDoS attacks
– Buffer Overflows, SQL Injection, XSS
– Data Leakage
– Access Control, Compliance, Integrity
Virtualized OSes and Apps: threats remain
– Disaster Recovery and Sandboxing are notable arguments
– However, they do not increase native resistance to OS/Application threats
Page 16
Virtual Machines
Compliance and Patching
– Ability to “Suspend” / “Activate” VMs alters the update lifecycle.
Virtual Sprawl and Identification
– Difficult to keep track of VMs. Unmanaged, rogue VMs.
Dynamic Relocation (Live Migration)
– Are VMs moving to less secure machines, networks, datacenters, etc.?
– Static security policies no longer apply.
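A worked illustration of the first two points on this page, added here as an example and not part of the deck: a suspended VM's patch level is frozen at suspension time, so everything released while it slept is missing the moment it is activated, and a VM the hypervisor reports but the asset register does not know is a rogue. The patch feed, the inventory, the CMDB contents and the resume policy are all constructed for the example; nothing here talks to a real management server.

```python
"""Constructed example: what "suspend / activate" does to the patch
lifecycle, and how to spot rogue VMs. Patch feed, inventory, CMDB and the
resume policy are all invented for the example; nothing here talks to a
real hypervisor or management server."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Patch:
    id: str
    released: date
    critical: bool

@dataclass(frozen=True)
class VM:
    name: str
    state: str                           # "running" | "suspended" | "powered_off"
    last_patched: date                   # last update run inside the guest
    suspended_since: Optional[date] = None

# Constructed patch feed (hypothetical identifiers, not real advisories).
PATCH_FEED = [
    Patch("P-2008-01", date(2008, 1, 8), critical=False),
    Patch("P-2008-02", date(2008, 2, 12), critical=True),
    Patch("P-2008-03", date(2008, 3, 11), critical=True),
    Patch("P-2008-04", date(2008, 4, 8), critical=False),
]

# Constructed inventory, as a hypervisor management API might report it.
INVENTORY = [
    VM("web-01", "running", date(2008, 4, 9)),
    VM("db-02", "suspended", date(2008, 1, 20), suspended_since=date(2008, 1, 21)),
    VM("test-77", "powered_off", date(2007, 11, 2), suspended_since=date(2007, 11, 3)),
    VM("lab-xyz", "running", date(2008, 4, 9)),
]

# Constructed asset register: what the organisation thinks it owns.
CMDB = {"web-01", "db-02", "test-77"}

def missing_patches(vm: VM, feed: list[Patch] = PATCH_FEED) -> list[Patch]:
    """Patches released after the guest's last update run. A suspended VM
    cannot have been patched while frozen, so its patch level is pinned at
    suspension time and everything released since is missing on resume."""
    return [p for p in feed if p.released > vm.last_patched]

def resume_decision(vm: VM, feed: list[Patch] = PATCH_FEED) -> str:
    """Policy applied when a VM is activated:
    'allow'       nothing missing
    'quarantine'  a critical patch is missing; resume on an isolated network only
    'patch-first' only non-critical patches missing"""
    missing = missing_patches(vm, feed)
    if not missing:
        return "allow"
    if any(p.critical for p in missing):
        return "quarantine"
    return "patch-first"

def rogue_vms(inventory: list[VM], cmdb: set[str]) -> list[str]:
    """VMs the hypervisor knows about but the asset register does not."""
    return sorted(vm.name for vm in inventory if vm.name not in cmdb)

def report(inventory: list[VM] = INVENTORY, cmdb: set[str] = CMDB,
           feed: list[Patch] = PATCH_FEED) -> dict:
    out = {vm.name: {"state": vm.state,
                     "missing": [p.id for p in missing_patches(vm, feed)],
                     "decision": resume_decision(vm, feed)}
           for vm in inventory}
    out["_rogue"] = rogue_vms(inventory, cmdb)
    return out

if __name__ == "__main__":
    for name, info in report().items():
        print(name, info)
```

The point of the resume policy is that a suspended image is a time capsule: its age has to be judged by the date of its last update, not by the date it was reactivated, and the decision has to be taken before it touches the production network.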
Page 17
Virtual Machines (cont.)
Replay Attacks and Data Retention
– VM replay may foster advanced cryptographic attacks.
– Is sensitive data being cached in unknown areas for replay purposes?
Virtual Machine Stealing
– VMs are just files; it is trivial to steal a full system or groups of systems.
Page 18
Exploiting Live Migration: Xensploit
By default, live migration traffic is sent in plain text across the network.
Diagram: Guest B is live-migrated from one VMM/hardware pair to another over the “protected”, out-of-band migration network. A man-in-the-middle on that network searches the in-flight memory pages for sshd object code, modifies the authentication routine (“Allow all users!”), and the guest resumes on the destination with “SSH LOGIN ALLOWED!”.
A man-in-the-middle attack can be used to own endpoints in limitless ways.
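A simulation of the attack sketched on this page, added as an example and not taken from the deck or from the Xensploit tool: an attacker on the migration path finds the guest's authentication check in the plaintext memory stream and flips its conditional jump, and the receiving side shows what an integrity-protected channel changes. The four-byte “sshd” stub, the page layout, the HMAC key and the opcode model are constructed stand-ins for the real guest image and for a TLS- or IPsec-protected migration link.

```python
"""Constructed simulation of the Xensploit idea: a man-in-the-middle on an
unauthenticated live-migration stream locates a guest's sshd authentication
check in the transferred memory pages and patches it in flight. The "sshd"
is a 4-byte stand-in for real object code, the page layout is invented, and
nothing here touches Xen or VMware."""
import hashlib
import hmac

PAGE = 4096

# Toy object code for an authentication check, modelled on typical x86
# compiler output:  test eax,eax ; jnz <allow>   (eax != 0 means "password ok")
AUTH_CHECK = bytes.fromhex("85c07510")
JNZ, JMP_SHORT = 0x75, 0xEB            # jnz -> jmp short makes the branch unconditional
AUTH_OFFSET = PAGE + 1234              # where the stub sits in the constructed image

def build_guest_memory() -> bytes:
    """Three constructed 4 KiB pages with the auth check embedded in page 1.
    The filler is a byte ramp, so the 85 c0 75 10 sequence occurs only once."""
    filler = bytes(range(256)) * (PAGE // 256)
    image = bytearray(filler * 3)
    image[AUTH_OFFSET:AUTH_OFFSET + len(AUTH_CHECK)] = AUTH_CHECK
    return bytes(image)

def mitm_patch(stream: bytes) -> bytes:
    """Attacker: scan the plaintext migration stream for the auth check and
    flip its conditional jump. The attacker does not know AUTH_OFFSET; it
    searches for the code pattern, as a real tool would."""
    idx = stream.find(AUTH_CHECK)
    if idx < 0:
        return stream
    patched = bytearray(stream)
    patched[idx + 2] = JMP_SHORT
    return bytes(patched)

def login_allowed(memory: bytes, password_ok: bool) -> bool:
    """Minimal model of the migrated guest executing its auth check."""
    opcode = memory[AUTH_OFFSET + 2]
    if opcode == JNZ:
        return password_ok                 # branch to <allow> only if eax != 0
    if opcode == JMP_SHORT:
        return True                        # always branches to <allow>
    raise ValueError("unexpected opcode %#x" % opcode)

# Defender: a stand-in for an authenticated migration channel (in practice
# the migration link tunnelled over TLS or IPsec, not a bare HMAC).
def seal(stream: bytes, key: bytes) -> bytes:
    return hmac.new(key, stream, hashlib.sha256).digest()

def receive(stream: bytes, tag: bytes, key: bytes) -> bytes:
    if not hmac.compare_digest(seal(stream, key), tag):
        raise PermissionError("migration stream failed integrity check")
    return stream

def demo(attacker_present: bool, protected: bool) -> str:
    """Outcome for one migration of 'Guest B' under the chosen conditions."""
    key = b"constructed-migration-key"
    memory = build_guest_memory()
    tag = seal(memory, key)                # computed by the source host
    wire = mitm_patch(memory) if attacker_present else memory
    try:
        landed = receive(wire, tag, key) if protected else wire
    except PermissionError:
        return "rejected"
    return "auth-bypassed" if login_allowed(landed, password_ok=False) else "auth-enforced"

if __name__ == "__main__":
    for attacker in (False, True):
        for protected in (False, True):
            print(f"attacker={attacker} protected={protected}: {demo(attacker, protected)}")
```

The attacker needs nothing but read/write access to the wire and a recognisable code pattern; the byte it changes is a single conditional-jump opcode. The defence is equally mechanical: once the destination verifies the stream against a tag the attacker cannot forge, the tampered guest is never resumed.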
Page 19
Virtual Machine Manager / Hypervisor
Single Point-of-Failure/Attack
Mandatory Access Control / Resource Sharing
– Can we guarantee isolation, sharing and communication?
Inter-VM Traffic Analysis: Who’s Watching?
– Diagram: traditional security watches the physical network behind the NICs, while the service and process VMs and the management VM exchange traffic on the virtual network inside the host, which the controls on the physical network do not see.
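The isolation/sharing/communication question on this page is the one an sHype-style mandatory access control policy answers. The following model, added as an example and not Xen's ACM/XSM code, implements the two rule types such a policy uses: Simple Type Enforcement for which VMs may talk to each other and use which vSwitch or store, and a Chinese Wall rule for which VMs may never run on the same hypervisor; it also treats a live migration as just another placement decision subject to the same rule. VM names, labels, conflict sets and the host placement are invented.

```python
"""Constructed model of an sHype-style mandatory access control policy for a
hypervisor: Simple Type Enforcement (STE) governs which VMs may share a
resource or talk to each other, and a Chinese Wall rule governs which VMs
may run on the same hypervisor at the same time. Labels and names are
invented; this is not Xen's ACM/XSM implementation."""
from __future__ import annotations

# STE: every VM and every shared resource (vSwitch, store) carries a set of
# types; access or communication requires at least one type in common.
STE_LABELS = {
    "finance-web": {"finance"},
    "finance-db": {"finance"},
    "eng-build": {"engineering"},
    "eng-ci": {"engineering"},
    "sec-vm": {"finance", "engineering", "management"},   # security VM sees all
    "mgmt-vm": {"management"},
    "lab-sandbox": {"lab"},
}
RESOURCES = {
    "vswitch-finance": {"finance"},
    "vswitch-eng": {"engineering"},
    "vswitch-mgmt": {"management"},
    "shared-iso-store": {"finance", "engineering"},
}

# Chinese Wall: labels inside one conflict set must never be co-resident
# on a single hypervisor (e.g. regulated production beside a lab image).
CONFLICT_SETS = [
    {"finance", "lab"},
]
CW_LABELS = {
    "finance-web": "finance", "finance-db": "finance",
    "eng-build": "engineering", "eng-ci": "engineering",
    "sec-vm": "management", "mgmt-vm": "management",
    "lab-sandbox": "lab",
}

def may_communicate(vm_a: str, vm_b: str) -> bool:
    """STE: an inter-VM channel (shared memory, vnet) needs a common type."""
    return bool(STE_LABELS[vm_a] & STE_LABELS[vm_b])

def may_access(vm: str, resource: str) -> bool:
    return bool(STE_LABELS[vm] & RESOURCES[resource])

def may_run_together(vm: str, resident: set[str]) -> bool:
    """Chinese Wall: refuse to start `vm` on a host if any resident VM carries
    a different label from the same conflict set."""
    label = CW_LABELS[vm]
    for other in resident:
        other_label = CW_LABELS[other]
        if other_label == label:
            continue
        if any({label, other_label} <= cs for cs in CONFLICT_SETS):
            return False
    return True

def migration_allowed(vm: str, hosts: dict[str, set[str]], target: str) -> bool:
    """Live migration is a remote start: the destination gets the same check."""
    return may_run_together(vm, hosts[target])

def audit(hosts: dict[str, set[str]]) -> list[str]:
    """Find existing placements that already violate the Chinese Wall."""
    findings = []
    for host, vms in hosts.items():
        for vm in sorted(vms):
            if not may_run_together(vm, vms - {vm}):
                findings.append(f"{host}: {vm} conflicts with a co-resident VM")
    return findings

# Constructed placement: what the cluster looks like right now.
HOSTS = {
    "hv-01": {"finance-web", "finance-db", "sec-vm"},
    "hv-02": {"eng-build", "eng-ci", "lab-sandbox", "mgmt-vm"},
}

if __name__ == "__main__":
    print("finance-db -> hv-02 allowed?", migration_allowed("finance-db", HOSTS, "hv-02"))
    print("audit:", audit(HOSTS) or "clean")
```

The two rule families answer different questions: STE says what a VM may touch once it runs, the Chinese Wall says where it may run at all. A migration scheduler that consults only resource headroom answers neither, which is how a finance guest ends up beside a lab image.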
Page 20
VMM / Hypervisor (cont.)
Attacks against the VMM / Hypervisor
– There are going to be bugs that lead to security risks.
– Shrinking size of VMMs is good for security, but does not make them immune to risk. Features demand complex code.
• VMware ESX 3: ~2GB surface area; lines of code: millions
• VMware ESX 3i: ~32MB surface area; lines of code: ~200,000
Hypervisor Services
– Network – DHCP, vSwitching, general packet processing
– Communication – Inter-domain communication APIs (VMCI, XenSocket)
– Other Services – Security (VMsafe), Disaster Recovery (vMotion), etc.
Page 21
Virtualization-Aware Hardware
Hardware Assist (Intel-VT, AMD-V)
– Techniques (e.g. rootkits) with stealth capabilities.
– Low-level makes detection more difficult.
– Risk to non-virtualized deployments.
• Blue Pill: Malicious hypervisor injection for AMD-V
• Vitriol: Leverages Intel VT-x
I/O Virtualization
– VMs natively share virtualization-aware I/O devices.
• Virtual Ethernet Cards (vNICs), Virtual FC HBAs (vHBAs), etc.
– How do we secure a new class of on-demand, dynamic and virtualized allocation of resources?
Page 22
Management Infrastructure
Software Threats: Keys to the castle.
– Vulnerabilities in management applications.
– Secure storage of Virtual Machines and management data.
Operational Threats: Managing risk requires new technology, skills and expertise.
– We now also factor the extremely dynamic nature of virtualization into our evaluation of overall risk.
Page 23
Vulnerabilities by Year
XFDB Search: VMware, Xen, Virtual PC, QEMU, Parallels, etc. (chart not extracted)
Page 24
Operational and Organizational Implications
Page 25
Organizational Ownership?
Who owns the Virtual [Fill in the Blank]?
– Network Admin
– Server Admin
– Application Owners
– Data Custodians
– ?
Diagram (repeated from page 19): traditional security on the physical network; service/process VMs and the management VM on the virtual network. Who’s watching?
Page 26
Organizational Ownership?
Traditional disciplines and functions still require competence
Separation/Segregation of Duties remains critically important
Care and Feeding of the Virtual Infrastructure will also be required
– Are you likely to have a mix of Physical and Virtual Servers?
– Are you likely to have a heterogeneous mix of Virtual platforms?
Page 27
Politics of Ownership
“Turf Wars” and “Land Grabs” are possible
“Hot Potato” is also possible
“Finger Pointing” is probable
Page 28
New Operational Challenges
Find the Server…
– Live Migration makes servers harder to track
Configuration/Patch Management
– Pause/Offline features impact:
• Audits
• Scanning
• Patching
– Boot Prone?
Image Management
– Storage
– Version Control
Page 29
Operational Controls
Discipline, Discipline, Discipline
What are your policies for use of Virtualization?
– Which Servers can be clustered?
– Which Servers cannot be clustered?
What are your controls for provisioning?
– Easy to slip into Virtual Sprawl
– Two Key System?
Page 30
Common Mistakes
Page 31
Elective Risk
Never use Type 2 Server Virtualization for Production
– True Story…
– These “Free” versions of the platform are meant for Testing
– Type-2 VMM specific vulnerabilities
Page 32
Failure to Establish Policy
Before it gets away from you…
– Establish Clear Use Guidelines
– Establish Clear Roles & Responsibilities
– Establish Controls for Provisioning
– Establish Intelligent Image Management
– Establish Security Guidelines
– Establish Compliance Requirements
Page 33
Failure to Consider Compliance
Will you still be PCI Compliant?
– Consult your Auditors Early and Often
PCI DSS 2.2.1 states: “Implement only one primary function per server”
– How does your auditor interpret this?
– What I’ve seen…
Anticipate Future Regulatory Granularity
– Right now Virtualization is ahead of Compliance
Page 34
Failure to Involve Security
By default, Virtualization reduces your security posture
– New attack surfaces
– New operational risks
– New availability risks
– Increased complexity that comes with beneficial features
• E.g. Live Migration
Security Analysis/Design can inform smart compensating controls and best practices while countermeasures mature
Page 35
Failure to Control Live Migration
Cascading Failover Example
– True Story…
We often overlook the fluid realities of Live Migration
– E.g. VMotion
Page 36
“Silver Bullet” Virtual Appliances
Today’s Virtual Security Appliances are very nascent
– Coverage is limited
– There is NO Silver Bullet
– Buzz Words and Snake Oil abound
– Realistic expectations can help reduce over-confidence in these products
Security will improve as Virtual Platforms release their Security APIs and as Security Vendors leverage them
Page 37
What Can I Do?
Page 38
Securing Virtualization: Today
First Generation Virtualization Security:
– Install security in each guest VM.
– Apply defense-in-depth.
– Lock-Down Management.
– Segment networks with VLANs.
– Use stand-alone security appliances.
Diagram: each Guest VM (App / OS) and the Mgmt VM carries its own security software, each drawing on the host’s physical resources (labelled ~128M memory, 5–25% CPU per VM); a stand-alone security appliance sits beside them (labelled ~512M memory, 25–30% CPU); all of it on top of the VMM or Hypervisor and the hardware (CPU, Memory).
Potential Limitations:
– New VMs need security provisioning.
– Redundant security = more resources. Management nightmare.
– Inter-VM network traffic analysis.
– Implicit trust in the VMM.
We can do better! Integrate security into the Virtual infrastructure, don’t bolt it on.
Page 39
Securing Virtualization: Tomorrow
Next Generation Virtualization Security:
– Apply defense-in-depth.
– Shrink the management stack.
– Install a Security VM on each machine.
– Integrate the Security VM with the VMM.
Security VM Features:
– Centralized network protection (IPS/FW).
– Agent-less host protection (AV/HIPS).
– Policy-based MAC and isolation.
– VM NAC, assessment, and control.
Additional Security:
– Hypervisor attestation (TPM)
– VM attestation (vTPM)
Diagram: an Integrated Security VM sits beside the Guest VMs (App / OS; e.g. Finance, Engineering) and the Mgmt VM, hooked into the VMM or Hypervisor through its Security APIs; the hardware TPM attests the hypervisor and a vTPM attests each VM.
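The two attestation layers in the “Additional Security” list, as an added example rather than any vendor's implementation: one PCR bank models the hardware TPM's measured boot of the hypervisor, a second models a per-VM vTPM, and a verifier compares fresh quotes against known-good values and only trusts the VM's quote once the hypervisor underneath it has attested cleanly. Component images, golden values and attestation keys are constructed; the HMAC stands in for the TPM's asymmetric quote signature.

```python
"""Constructed model of the two attestation layers on this page: the hardware
TPM's PCRs record the measured boot of the hypervisor, and a per-VM vTPM
records the guest's own boot chain. A verifier holds known-good values and
rejects a quote whose PCRs differ. Real TPM quotes are asymmetric signatures
by an attestation identity key; an HMAC with a constructed key stands in for
that here, and every component image is made up."""
import hashlib
import hmac

def measure(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class PCRBank:
    """Extend-only registers: PCR[i] = H(PCR[i] || H(image)). Order matters,
    and nothing can set a register back to a chosen value short of a reset."""
    def __init__(self, count: int = 8):
        self.pcr = [b"\x00" * 32 for _ in range(count)]
        self.log = []                            # event log shipped with the quote

    def extend(self, index: int, component: str, image: bytes) -> None:
        m = measure(image)
        self.pcr[index] = measure(self.pcr[index] + m)
        self.log.append((index, component, m.hex()))

    def quote(self, indices, nonce: bytes, aik: bytes) -> dict:
        """Attest the selected PCRs, bound to a verifier-chosen nonce."""
        digest = measure(nonce + b"".join(self.pcr[i] for i in indices))
        return {"pcrs": {i: self.pcr[i] for i in indices},
                "sig": hmac.new(aik, digest, hashlib.sha256).digest()}

def verify_quote(q: dict, indices, nonce: bytes, aik: bytes, golden: dict) -> bool:
    """The signature over the verifier's own nonce proves freshness and origin;
    only then are the reported PCRs compared with the known-good values."""
    digest = measure(nonce + b"".join(q["pcrs"][i] for i in indices))
    expected = hmac.new(aik, digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, q["sig"]):
        return False
    return all(q["pcrs"][i] == golden[i] for i in indices)

# Constructed component images and keys. One changed byte in the hypervisor
# image changes its measurement, and with it PCR 2.
GOOD_HYPERVISOR = b"hypervisor-image v1"
BAD_HYPERVISOR = b"hypervisor-image v1 + rootkit"
GUEST_KERNEL = b"guest-kernel 2.6"
HW_AIK, VTPM_AIK = b"hw-aik-secret", b"vtpm-aik-secret"

def boot_host(hypervisor: bytes) -> PCRBank:
    tpm = PCRBank()
    tpm.extend(0, "firmware", b"bios v12")
    tpm.extend(1, "bootloader", b"bootloader v3")
    tpm.extend(2, "hypervisor", hypervisor)
    return tpm

def boot_guest(kernel: bytes) -> PCRBank:
    vtpm = PCRBank()
    vtpm.extend(0, "guest-firmware", b"virtual bios")
    vtpm.extend(1, "guest-kernel", kernel)
    return vtpm

# Known-good values, recorded once from a trusted boot of each layer.
GOLDEN_HOST = dict(enumerate(boot_host(GOOD_HYPERVISOR).pcr))
GOLDEN_GUEST = dict(enumerate(boot_guest(GUEST_KERNEL).pcr))

def attest(hypervisor: bytes, kernel: bytes, nonce: bytes = b"verifier-nonce-1") -> dict:
    """Layered check: a vTPM quote is only meaningful if the hypervisor that
    implements the vTPM attested cleanly first."""
    host_ok = verify_quote(boot_host(hypervisor).quote([0, 1, 2], nonce, HW_AIK),
                           [0, 1, 2], nonce, HW_AIK, GOLDEN_HOST)
    guest_ok = host_ok and verify_quote(boot_guest(kernel).quote([0, 1], nonce, VTPM_AIK),
                                        [0, 1], nonce, VTPM_AIK, GOLDEN_GUEST)
    return {"hypervisor": host_ok, "vm": guest_ok}

if __name__ == "__main__":
    print("clean  :", attest(GOOD_HYPERVISOR, GUEST_KERNEL))
    print("rootkit:", attest(BAD_HYPERVISOR, GUEST_KERNEL))
```

The ordering in attest is the security-relevant design choice: a vTPM is software the hypervisor runs, so a guest quote from a hypervisor that failed its own attestation proves nothing, whatever the guest PCRs say.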
Page 40
Gunter Ollmann – Chief Security Strategist
IBM Internet Security Systems
[email protected]
http://blogs.iss.net
Questions?
Page 41
Further Reading
Chris Hoff’s BLOG “Rational Survivability”
– http://rationalsecurity.typepad.com/blog/
– http://rationalsecurity.typepad.com/blog/virtualization/index.html
– Ongoing Virtualization Thought Leadership
Neil MacDonald of Gartner
– Several Excellent Research Notes
X-Force Threat Research
– http://www.iss.net/x-force_threat_insight_monthly/index.html
– http://blogs.iss.net/
Center for Internet Security Benchmarking
– http://www.cisecurity.org/bench_vm.html